Ubuntu has issued an advisory on February 5: https://usn.ubuntu.com/4270-1/ Mageia 7 is also affected.
Whiteboard: (none) => MGA7TOO
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file. (CVE-2019-20421)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20421
https://usn.ubuntu.com/4270-1/
========================

Updated packages in core/updates_testing:
========================
exiv2-0.27.1-3.3.mga7
lib(64)exiv2_27-0.27.1-3.3.mga7
lib(64)exiv2-devel-0.27.1-3.3.mga7
exiv2-doc-0.27.1-3.3.mga7

from SRPMS:
exiv2-0.27.1-3.3.mga7.src.rpm
Status: NEW => ASSIGNED
Version: Cauldron => 7
CVE: (none) => CVE-2019-20421
Source RPM: exiv2-0.27.2-2.mga8.src.rpm => exiv2-0.27.1-3.2.mga7.src.rpm
Assignee: nicolas.salguero => qa-bugs
Whiteboard: MGA7TOO => (none)
Working on this.
CC: (none) => tarazed25
Mageia7, x86_64

CVE-2019-20421
https://github.com/Exiv2/exiv2/issues/1011
$ exiv2 Jp2Image_readMetadata_loop.poc
File name : Jp2Image_readMetadata_loop.poc
File size : 738 Bytes
MIME type : image/pgf
Image size : 1007160575 x 1781334193
Jp2Image_readMetadata_loop.poc: No Exif data found in the file

No infinite loop and a tidy exit which implies that the fix was already in place before the update but note that the upstream note says the fault -can- lead to an infinite loop. This system is starting at exiv2-0.27.1-3.2.mga7.

Updated the four packages.

$ exiv2 Jp2Image_readMetadata_loop.poc
Exiv2 exception in print action for file Jp2Image_readMetadata_loop.poc:
corrupted image metadata

This differs from the earlier test but seems to confirm the fix.

The library is used by various image viewers, nautilus, mythtv, okular, gimp, astronomy packages, gnome-shell, digikam, darktable ....

$ strace -o dark.trace darktable
$ grep exiv2 dark.trace
openat(AT_FDCWD, "/lib64/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libexiv2.so.0.27.1", O_RDONLY) = 3

$ exiv2 JessicaAlba.tif
File name : JessicaAlba.tif
File size : 3229613 Bytes
MIME type : image/tiff
Image size : 1200 x 896
....
$ exiv2 -c "QA testing" TatianaMaslany.jpg
$ strings TatianaMaslany.jpg | grep QA
QA testing
QA)E
....
$ exiv2 -pc TatianaMaslany.jpg
QA testing

gthumb displays Exif information for selected images.
$ strace -o thumb.trace gthumb .
$ grep exiv2 thumb.trace
openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/exiv2_tools.extension", O_RDONLY) = 25
openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/libexiv2_tools.so", O_RDONLY|O_CLOEXEC) = 24
openat(AT_FDCWD, "/usr/lib64/gthumb/extensions/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/lib64/libexiv2.so.27", O_RDONLY|O_CLOEXEC) = 24
stat("/usr/lib64/gthumb/extensions/libexiv2_tools.so", {st_mode=S_IFREG|0755, st_size=148064, ...}) = 0

This looks fine for 64-bits.
Whiteboard: (none) => MGA7-64-OK
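The hang check from the QA run above, as an added example that is not part of the original report: it runs the exiv2 command line on each sample under a wall-clock limit, so a build that loops is reported instead of waited on. The function names, the `EXIV2` override variable and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the bug report. Function names, the EXIV2
# override variable and the verdict strings are assumptions.

# run_verdict LIMIT_SECONDS CMD [ARGS...]
# Prints HANG if CMD had to be stopped at the limit, EXIT:<rc> otherwise.
run_verdict() {
    limit=$1; shift
    rc=0
    # -k 2: send SIGKILL two seconds later if SIGTERM is ignored.
    timeout -k 2 "$limit" "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        124|137) echo "HANG" ;;     # 124: timed out, 137: killed with SIGKILL
        *)       echo "EXIT:$rc" ;; # finished by itself, cleanly or with an error
    esac
}

# check_samples LIMIT_SECONDS FILE...
# Runs the exiv2 CLI (or $EXIV2) on every file, prints one verdict per file
# and returns non-zero if any run hung.
check_samples() {
    limit=$1; shift
    tool=${EXIV2:-exiv2}
    hung=0
    for f in "$@"; do
        verdict=$(run_verdict "$limit" "$tool" "$f")
        printf '%s\t%s\n' "$verdict" "$f"
        if [ "$verdict" = "HANG" ]; then hung=1; fi
    done
    return "$hung"
}
```

Sourced into a shell, `check_samples 10 Jp2Image_readMetadata_loop.poc` prints `HANG` for a build that loops and an `EXIT:` line for one that returns, whether cleanly or with an error.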
Thank you, Len. Validating. Advisory in Comment 1.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0084.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED